The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

Thursday, September 23, 2010

A day after the Canadian Privacy Commissioner stated that Facebook had gotten its house in order, the Privacy Commissioner of Queensland, Australia, has piled on the social networking site.

I have to take issue with some of her comments. She claims that Facebook is deceptive because it bills itself as a site for users to share and connect with friends, while its motives are to make money.

Give me a break. I've had issues with Facebook and their policies, but the suggestion that somehow they are suspect simply because it's a for-profit venture does nothing to move the privacy discussion forward. This is a notion I've been hearing more and more from speakers at conferences. Feel free to criticize them for for what they do or how they do it. Even be suspicious of their motives, but never lose sight of the fact that the service is what it is only because they make money.

Facebook is free to all of its users, paid for by advertisers. The company operates multi-million dollar data centres loaded with expensive servers. Bandwidth isn't cheap, either. Would they have 500,000,000 users if they required each of them to pony up cash? Nope. Most of the internet is advertising supported and users are used to online services being free.

Part of the implicit contract that users have with almost all free services (broadcast TV included) is that it is paid for by ads. If the ads don't generate enough revenue, the users either have to pay or the service goes away. Often, if the users have to pay, they go away and the service goes away. This, in and of itself, is really a non-issue and Facebook is not at all unique in this.

Feel free to criticize Facebook for its privacy policies, its privacy practices and how it manages user information, but don't confuse the issue by pointing to the simple fact that they make their money from advertising.

Speaking on a panel at the World Computer Congress in Brisbane, Matthews highlighted the "enormous power" wielded by the social network with more than 500 million users.

Facebook promoted itself as a community; a place to share and connect with other human beings. But like most companies, its goal was to make money, she said.

"There's nothing wrong with making money; what's wrong is that it deceives potential users about that," Matthews said.

"There's a big difference [to users] between choosing to share your personal information to make friends, and sharing your personal information to make someone lots of money."

Corporate advisory lawyer Anna Sharpe, who was also on the panel, described her work on brand networks, which companies used to build rapport with their customers.

Rather than the vague, oft-used statement, "we will use your information for marketing", Sharpe said companies should disclose the information stored, its use and the parties that may access it.

"Given the complexity, I think the onus is on organisations to be a lot clearer on their privacy wordings," she said.

Although companies like Facebook, Google and Sun Microsystems have previously claimed that privacy was a thing of the past, panellists said the case for privacy still could be won.

"The auction is in full swing," said Goethe University professor Kai Rannenberg, addressing the session's theme: "Privacy ... going, going, gone?"

Rannenberg highlighted "privacy gateway infrastructure components" used by mobile telcos T-mobile Germany and Deutche Telekom that allowed users to determine how their information was used and with whom it was shared.

Personal information, he said, was an asset, and privacy required: the minimisation and decentralisation of data; empowering users; user-controlled identity management; privacy by design; and privacy standards.

Fellow panellist and Australian Privacy Foundation chair Roger Clarke observed that privacy would become more of a concern for those born after 1995, the i-Generation.

He observed that as Generation Y - those born between 1980 and 1995 - faced the impact of having their information stored and published online, 'iGen' would become more careful.

"Youth have always been risk-talkers," Clarke said. "The big thing that's changed is not the behaviour; it's the impact of the behaviour, how long that data exists and how many people have access to it."

"iGens are already absorbing those messages ... What will actually happen is that the young generation of right now will be more privacy conscious and more privacy demanding than their predecessors were."

Please note that I am only able to provide legal advice to clients of my firm. If you have a privacy matter, please contact me about becoming a client. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser may not be protected by solicitor-client privilege.

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Due to professional ethics, the author may not be able to comment on matters in which a client has an interest. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.